Apache如何禁止通过非指定域名或IP访问服务器

Linux2022-05-27
Apache如何禁止通过非指定域名或IP访问服务器-下一朵云
图1 禁止非指定域名IP访问

Apache/httpd禁止非指定域名或IP访问,仅允许指定域名访问:

一、具体配置如下,修改httpd.conf或者修改vhost配置文件,添加如下内容:

<VirtualHost *:80>
    documentRoot "/var/www/html/"
    #ServerName www.orcy.net.cn #如禁止通过www.orcy.net.cn访问则取消注释
        <Location />
            AllowOverride None
            Require all denied
        </Location>

    ErrorLog logs/error_log
    TransferLog logs/access_log
    LogLevel warn
</VirtualHost>
##
#以下为正常虚拟主机配置文件
<VirtualHost *:80>
    DocumentRoot "/var/www/html"
    ServerName test.orcy.net.cn

    ErrorLog logs/error_log
    TransferLog logs/access_log
    LogLevel warn

<FilesMatch "\.(cgi|shtml|phtml|php)$">
    SSLOptions +StdEnvVars
</FilesMatch>
<Directory "/var/www/cgi-bin">
    SSLOptions +StdEnvVars
</Directory>


BrowserMatch "MSIE [2-5]" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0

#   Per-Server Logging:
#   The home of a custom SSL log file. Use this when you want a
#   compact non-error SSL logfile on a virtual host basis.
CustomLog logs/ssl_request_log \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

</VirtualHost>

二、如果站点开启了ssl则配置如下

只需要添加ssl证书路径

<VirtualHost *:80>
    documentRoot "/var/www/html/"
    #ServerName www.orcy.net.cn #如禁止通过www.orcy.net.cn访问则取消注释
        <Location />
            AllowOverride None
            Require all denied
        </Location>
    SSLEngine on

    SSLProtocol all -SSLv3
    SSLProxyProtocol all -SSLv3
    SSLHonorCipherOrder on
    SSLCipherSuite PROFILE=SYSTEM
    SSLProxyCipherSuite PROFILE=SYSTEM

    SSLCertificateFile /cert/test.crt #替换为你自己的证书路径
    SSLCertificateKeyFile /cert/test.key #替换为你自己的证书路径
    SSLCACertificateFile /cert/test_ca.crt #替换为你自己的证书路径

    ErrorLog logs/error_log
    TransferLog logs/access_log
    LogLevel warn
</VirtualHost>
##
#以下为正常虚拟主机配置文件
####省略####
版权声明:本文为下一朵云发布文章,转载请附上原文出处链接和本声明。
本文链接:https://www.orcy.net.cn/1379.html

​ 广告:HCIE-Security认证课程辅导资料(付费)

暂无评论

发表评论

电子邮件地址不会被公开。 必填项已用*标注